CVE Catalog

CVE-2026-25446

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Summary

In WishList Member X versions up to 3.29.0, there is a vulnerability that allows subscribers to upload arbitrary files.

Risk Assessment

An attacker could exploit this vulnerability to upload malicious software, potentially compromising the system.

Recommendation

It is recommended to update to the latest version of WishList Member to mitigate this vulnerability.

Original NVD description (English source)

Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS